httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ashley Gould <>
Subject [users@httpd] SSL and AuthType Basic
Date Mon, 22 Aug 2005 20:58:17 GMT
I want to force use of https on directories where authentication is 
required to avoid sending htpasswords in the clear.  Example:

<Directory /web/www-data/blah/blah>
    RewriteEngine        on
    RewriteCond          %{HTTPS} !=on
    RewriteRule     (.*)$1 [R]

    AuthType Basic
    AuthName "Restricted Area"
    AuthUserFile /usr/local/etc/httpd/htpasswd
    AuthGroupFile /usr/local/etc/httpd/htgroup
    Require group admins

This seems to work fine.  As soon as I authenticate, I'm pushed into
https.  But is the authentication itself actually encrypted?  What is
apache's behavior in this case?

p.s. mod_rewrite experts feel free to make suggestions about my rules.



Did you try poking at it with a stick?

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message